Bringing Your Retail Application Security Strategy Up to Par

It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new experiences, greater convenience, and exciting …

Octopus Malware Compromises 26 OSS Projects on GitHub

Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, you know what you’ve used, but not the quality of the ingredients themselves. In the realm of…

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

A few weeks ago, we wrote about the differences between SCA and SAST tools. While you can’t really compare the two, for most organizations, software composition analysis (SCA) is likely the best place to start. We also mentioned if you do choose …

Your Guide to AppSec Tools: SAST or SCA?

The application security market is saturated with tools like DAST, SAST, IAST, and RASP, which can be overwhelming. Each of these tools plays a specific security role within the SDLC, but are they really representative of AppSec risk or just diff…

Top open source licenses and legal risk for developers

Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories.

How to choose application security vendors and tools

Unless you build your own AppSec tools, you need to know how to choose an application security vendor and whether to opt for individual tools or a suite.

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

Sonatype is building a software composition analysis tool for GitHub Actions and would love to understand your needs. If you are excited about GitHub Actions and looking for ways to understand the open source dependencies that make up your softwar…

Introducing the Black Duck Jira Cloud integration

The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.
